Cloud Security News this week 12 Jan 2022 UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a han...
Jan 12, 2022•4 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Fred Wilmot ( @fewdisc ) is an ex-Veteran and Chief Information Security Officer (CISO) of JumpCloud ( @JumpCloud ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Fred Wilmot ( @fewdisc ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episo...
Jan 09, 2022•49 min•Season 3Ep. 2
Cloud Security News this week 5 Jan 2022 Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle ’s innovative...
Jan 05, 2022•5 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Or Weis ( @OrWeis ) co-founder and CEO of Permit.io ( @permit_io ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Or Weis ( @OrWeis ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security ...
Jan 02, 2022•50 min•Season 3Ep. 1
Cloud Security News this week 22 December 2021 Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week’s episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far. To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues were ...
Dec 22, 2021•4 min
Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So whats it all about. Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java-logging framework. The critical zero day security vulnerability has been named ‘Log4Shell’ and has a maximum CVSS ( Common Vulnerability Scoring System ) score of 10 . The zero-day had been exp...
Dec 15, 2021•3 min
Cloud Security News this week 8 December 2021 If you use AWS, you may have noticed some issues with your services this week. AWS reported on Tuesday morning that they were seeing impacts to multiple APIs in the US-East 1 region. The issues were impacting their monitoring and incident response tooling impacting their ability to provide timely updates. A bit later they reported that they had identified the root cause of the issue causing service API and console issues. Root logins for consoles in ...
Dec 08, 2021•4 min
Cloud Security News this week 2 December 2021 AWS has launched some improvements to a few of their existing services and no new Security service has been announced yet. With Google Cloud announcing their CyberSecurity Action team earlier this year , we were hoping for a similar response or better from AWS but nothing so far. Updates to AWS Shield , Amazon Cloud Guru and Amazon Inspector. For those storing CloudTrail logs or other important logs to help with incident response in S3 buckets, you c...
Dec 02, 2021•7 min
Cloud Security News this week 24 November 2021 CSA recently announced that they have now had 1500 Cloud services evaluated across to the STAR registry principles. According to CSA, by publishing to the registry organizations can show current and potential customers their security and compliance posture which may prevent the need for them to complete multiple security questionnaires. You can find more information about CSA and STAR registry here Security researcher Schütz was rewarded a $4,133 bo...
Nov 24, 2021•5 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Andrew Krug ( @andrewkrug ) is a AWS Re:invent speaker and Cloud Security Evangelist at DataDog ( @DataDogHQ ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Andrew Krug ( @andrewkrug ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episode...
Nov 21, 2021•52 min•Season 2Ep. 54
Cloud Security News this week 17 November 2021 According to a research by Trend Micro, Elastic Computing Service (ECS) instances for Alibab Cloud are becoming an increasingly common target for financially motivated hackers with cryptomining goals. This increased targeting may be due to a few unique features of Alibaba Cloud. Alibaba ECS instances come with a preinstalled security agent and provides root access/ privileged control by default. There is a detailed article attached about this here J...
Nov 17, 2021•5 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ran Ribenzaft ( @ranrib ) is an AWS Serverless Hero, Forbes under 30 and the co-Founder of Epsagon ( @Epsagon ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Ran Ribenzaft ( @ranrib ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes...
Nov 14, 2021•38 min•Season 2Ep. 53
Cloud Security News this week 10 November 2021 Microsoft is extending its native cloud security posture management (CSPM) and workload protection capabilities to Amazon Web Services (AWS) - yes you heard that right! within a suite called Microsoft Defender for Cloud. This was previously know as Azure Security Center and Azure Defender At their annual conference Ignite 2021, their focus was enterprise cloud protection, specially multi cloud environments. Microsoft Defender for Cloud will now let ...
Nov 10, 2021•4 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jon Zeolla ( @jonzeolla ) is a Cloud Native Contributor, co-founder CTO of Seiso. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Jon Zeolla ( @jonzeolla ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channe...
Nov 07, 2021•38 min•Season 2Ep. 52
Cloud Security News this week 27 October 2021 In case you missed the quarterly earnings updates from last episode, I do encourage you to check it out to see how Google Cloud and Azure faired last Quarter. AWS came out still leading the pack $16.11 billion in the quarter, up almost 39% from a year ago. You can view the report here Industry Tech giants including Google, Salesforce, Okta and Slack have announced the creation of a “vendor-neutral” security baseline for businesses called ‘Minimum Via...
Nov 03, 2021•3 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Maximilian Burkhardt ( @maxb ) is a Staff Security Engineer at Figma ( @Figma ) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Maximilian Burkhardt ( @maxb ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Cha...
Oct 31, 2021•42 min•Season 2Ep. 51
In this episode of the Virtual Coffee with Ashish edition, we spoke with Chris Hughes ( @Linkedin-Profile ) is a host of the Resilient Cyber Podcast. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Chris Hughes ( @Linkedin-Profile ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Ch...
Oct 28, 2021•21 min•Season 2Ep. 50
Cloud Security News this week 27 October 2021 UK’s spy agencies have given a contract to AWS to host classified material. Their intention is to boost use of data analytics and artificial intelligence for espionage. The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade. The Guardian has reported that “the contract with Amazon is likely to ignite concerns over sovereignty because the UK’s most secret data will be hosted by a single US tech company ” - Quite th...
Oct 27, 2021•6 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nathan Case ( Linkedin Profile ) is a Senior Director, Security Operations at Resilience . Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Nathan Case ( Linkedin Profile ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out ou...
Oct 24, 2021•47 min•Season 2Ep. 49
Cloud Security News this week 22 October 2021 Hope you have been enjoying your Cloud Security News this week and in our special third instalment for this week we bring you our best bits from Hashiconf Global 2021, conference held by Hashicorp. Hashicorp is a software company who provide open source tools and products - some of their popular products Vagrant, Terraform, Vault and boundary - You can view the conference and the talks here The opening keynote was delivered by their Co-Founders Mitch...
Oct 22, 2021•3 min
Cloud Security News this week 21 October 2021 It's a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team’s favourite from Kubecon 2021 North America If you aren't quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today’s episode. TUF refers to The Update Framework, SPIFFE refers to Secure Producti...
Oct 21, 2021•3 min
Cloud Security News this week 20 October 2021 Google Cloud is adding new features to their zero trust access solution, BeyondCorp Enterprise which will enable identity and context-aware access to non-web applications running in Google Cloud and non-Google Cloud environments. They also claim to be making it easier for admins to diagnose access failure, triage events, and unblock users with the new Policy Troubleshooter feature. If you are familiar with XDR - which allows for Extended Detection an...
Oct 20, 2021•6 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Om Moolchandani ( @omaitrika ) is a CISO and CTO at Accurics ( @AccuricsSec ).. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Om Moolchandani ( @omaitrika ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Cha...
Oct 17, 2021•49 min•Season 2Ep. 48
Cloud Security News this week 14 October 2021 It's an eventful month for all things cloud as Google Cloud Next 21 and Kubecon are happening this week. Ashish from Cloud Security Podcast was co-hosting the Capture the Flag today with Magno Logan from Trend Micro, you can check it out here . In next week’s episode we will be bringing to you the best bits from Kubecon and Google Cloud Next 21. You can view these events virtually at the links below Google Cloud Next 21 Kubecon Google Cloud announced...
Oct 13, 2021•5 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar ( @gauravphoenix ) is the Founder of Dassana ( @DassanaSecurity) . Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Gaurav Kumar ( @gauravphoenix ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Ch...
Oct 10, 2021•36 min•Season 2Ep. 47
Cloud Security News this week 06 October 2021 AWS has announced the availability of AWS Cloud Control API - a set of common application programming interfaces (APIs) that are designed to make it easy for developers to manage their AWS and third-party services. AWS Cloud Control API can be used to create, read, update, delete, and list (CRUD-L) your cloud resources that belong to a wide range of services—both AWS and third-party. You won't have to generate code or scripts specific to each individ...
Oct 06, 2021•3 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with David McCaw ( Linkedin - David McCaw ) is a Co-Founder of Dasera ( @DaseraInc ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: David McCaw ( Linkedin - David McCaw ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our Yo...
Oct 03, 2021•49 min•Season 2Ep. 46
Cloud Security News this week - 29 September 2021 Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud. The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies. The framework can be found here Microsoft has published information this week on a new malware it calls Fog...
Sep 29, 2021•4 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca ( @shehackspurple ) is an Author, Security Trainer and Founder of We Hack Purple ( @WeHackPurple ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Tanya Janca ( @shehackspurple ) Podcast Twitter - Cloud Security Podcast ( @CloudSecPod ) If you want to watch videos of this LIVE STREAMED episode and past epi...
Sep 26, 2021•44 min•Season 2Ep. 45
In this episode of the Virtual Coffee with Ashish edition, we spoke with Abisola Dayspring Johnson aka Day ( @CyberwoxAcademy ) is a Threat Analyst at Optiv ( @Optiv ) and the Founder of Cyberwox Academy helping aspiring CyberSecurity students to get into CyberSecurity. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Abisola Dayspring Johnson aka Day ( @CyberwoxAcademy ) Podcast Twitter - C...
Sep 24, 2021•42 min•Season 2Ep. 44
